Training Cisco Certified Network Associate CCNA 640802 - PowerPoint PPT Presentation

1
Training Cisco Certified Network Associate (CCNA
640-802)
  • Mr.Kriangsak Namkot
  • jodoi_at_jodoi.com
  • jodoi1819_at_hotmail.com
  • http://www.jodoi.com

2
Day 2
  • Layer 2 Switching and Spanning Tree Protocol
    (STP)
  • Virtual LANs (VLANs) , VTP , inter-VLAN routing
  • Wide Area Networks , PPP connection , Frame Relay
    , xDSL
  • LAB Configuration

3
Ethernet Switches and Bridges
  • Address learning
  • Forward/filter decision
  • Loop avoidance

4
Transmitting Frames
  • Cut-Through
  • Switch checks destination address and immediately
    begins forwarding frame.
  • Store and Forward
  • Complete frame is received and checked before
    forwarding.
  • Fragment-Free
  • Switch checks the first 64 bytes, then
    immediately begins forwarding frame.

5
MAC Address Table
  • Initial MAC address table is empty.

6
Learning Addresses
  • Station A sends a frame to station C.
  • Switch caches the MAC address of station A to
    port E0 by learning the source address of data
    frames.
  • The frame from station A to station C is flooded
    out to all ports except port E0 (unknown unicasts
    are flooded).

7
Learning Addresses (Cont.)
  • Station D sends a frame to station C.
  • Switch caches the MAC address of station D to
    port E3 by learning the source address of data
    frames.
  • The frame from station D to station C is flooded
    out to all ports except port E3 (unknown unicasts
    are flooded).

8
Filtering Frames
  • Station A sends a frame to station C.
  • Destination is known; frame is not flooded.

9
Filtering Frames (Cont.)
  • Station A sends a frame to station B.
  • The switch has the address for station B in the
    MAC address table.

10
Broadcast and Multicast Frames
  • Station D sends a broadcast or multicast frame.
  • Broadcast and multicast frames are flooded to all
    ports other than the originating port.

11
Forward/Filter Decisions
12
Forward/Filter Decisions
13
Port Security
  • Switch(config)#interface fastEthernet 0/1
  • Switch(config-if)#switchport port-security ?
  • mac-address Secure mac address
  • maximum Max secure addresses
  • violation Security violation mode
  • <cr>
  • Switch(config-if)#switchport port-security
    maximum 1
  • Switch(config-if)#switchport port-security
    violation shutdown
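
The learning, flooding and filtering behaviour from slides 5 to 10, combined with the `maximum 1` / `violation shutdown` port-security settings above, as an added Python model (not Cisco code and not part of the original slides). The MAC addresses are constructed, and placing station C on port E2 is an assumption.

```python
# Added illustration (not Cisco code): learning switch with per-port port security.
BROADCAST = "ffff.ffff.ffff"

class Switch:
    def __init__(self, ports, secure_max=None):
        self.ports = list(ports)
        self.mac_table = {}                      # MAC -> port; starts empty
        self.secure_max = secure_max or {}       # port -> "maximum" value
        self.secure_macs = {p: set() for p in self.ports}
        self.err_disabled = set()                # ports shut by a violation

    def receive(self, in_port, src, dst):
        """Process one frame; return the list of ports it is sent out of."""
        if in_port in self.err_disabled:
            return []
        limit = self.secure_max.get(in_port)
        if limit is not None and src not in self.secure_macs[in_port]:
            if len(self.secure_macs[in_port]) >= limit:
                # "violation shutdown": drop the frame and disable the port
                self.err_disabled.add(in_port)
                self.mac_table = {m: p for m, p in self.mac_table.items()
                                  if p != in_port}
                return []
            self.secure_macs[in_port].add(src)
        self.mac_table[src] = in_port            # address learning (source MAC)
        out = self.mac_table.get(dst)
        if dst == BROADCAST or out is None:      # broadcast or unknown unicast
            return [p for p in self.ports
                    if p != in_port and p not in self.err_disabled]
        return [] if out == in_port else [out]   # filter, or forward to one port

def demo():
    # Constructed MAC addresses; C on port E2 is an assumption.
    a, c, d = "0260.8c01.1111", "0260.8c01.2222", "0260.8c01.4444"
    sw = Switch(["E0", "E1", "E2", "E3"], secure_max={"E3": 1})
    steps = [
        sw.receive("E0", a, c),                 # unknown unicast: flooded
        sw.receive("E3", d, c),                 # D learned on E3, still flooded
        sw.receive("E2", c, a),                 # C answers, learned on E2
        sw.receive("E0", a, c),                 # destination known: one port
        sw.receive("E3", "0260.8c01.9999", c),  # second MAC on E3: violation
        sw.receive("E3", d, c),                 # port is now err-disabled
    ]
    return steps, sorted(sw.err_disabled), dict(sw.mac_table)

if __name__ == "__main__":
    for row in demo():
        print(row)
```
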

14
Loop Avoidance
  • Redundant topology eliminates single points of
    failure.
  • Redundant topology causes broadcast storms,
    multiple frame copies, and MAC address table
    instability problems.

15
Broadcast Storms
  • Host X sends a broadcast.
  • Switches continue to propagate broadcast traffic
    over and over.

16
Multiple Frame Copies
  • Host X sends a unicast frame to router Y.
  • MAC address of router Y has not been learned by
    either switch yet.
  • Router Y will receive two copies of the same
    frame.

17
MAC Database Instability
  • Host X sends a unicast frame to router Y.
  • MAC address of router Y has not been learned by
    either switch.
  • Switches A and B learn the MAC address of host X
    on port 0.
  • The frame to router Y is flooded.
  • Switches A and B incorrectly learn the MAC
    address of host X on port 1.

18
Spanning-Tree Protocol
  • Provides a loop-free redundant network topology
    by placing certain ports in the blocking state.

19
Spanning-Tree Operation
  • One root bridge per network
  • One root port per nonroot bridge
  • One designated port per segment
  • Nondesignated ports are unused

20
Spanning-Tree Protocol Root Bridge Selection
  • BPDU = Bridge Protocol Data Unit (default:
    sent every two seconds)
  • Root bridge = Bridge with the lowest bridge ID
  • Bridge ID
  • In the example, which switch has the lowest
    bridge ID?

21
Spanning-Tree Port States
  • Spanning-tree transits each port through several
    different states

22
Spanning-Tree Port States (Cont.)
23
Spanning-Tree Path Cost
24
Spanning-Tree Example
25
Spanning-Tree Recalculation
26
Spanning-Tree Convergence
  • Convergence occurs when all the switch and bridge
    ports have transitioned to either the forwarding
    or the blocking state.
  • When the network topology changes, switches and
    bridges must recompute the Spanning-Tree
    Protocol, which disrupts user traffic.

27
Rapid Spanning-Tree Protocol
???????? ??? Listening ?????
28
Rapid Transition to Forwarding
29
Spanning-Tree
  • Switch#show spanning-tree vlan 1
  • VLAN0001
  • Spanning tree enabled protocol ieee
  • Root ID Priority 32769
  • Address 0001.96DC.1A62
  • Hello Time 2 sec Max Age 20 sec
    Forward Delay 15 sec
  • Bridge ID Priority 32769 (priority 32770
    sys-id-ext 1)
  • Address 0010.1116.A3A4
  • Aging Time 300
  • Interface Role Sts Cost Prio.Nbr Type
  • ---------------- ---- --- --------- --------
    --------------------------------
  • Fa0/1 Desg FWD 19 128.3 Shr
  • Fa0/2 Root FWD 19 128.3 Shr
  • Switch(config)#spanning-tree vlan 1 priority 4096
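
Root election by lowest bridge ID, worked through with the two addresses from the `show spanning-tree vlan 1` output above and the effect of the `priority 4096` command, as an added Python example (not Cisco code and not part of the original slides). The bridge names in the dictionary are labels chosen here; `superior_to_root` is a hypothetical audit helper that lists any bridge able to displace the intended root.

```python
# Added illustration (not Cisco code): 802.1D root election by lowest bridge ID.

def bridge_id(priority, vlan, mac):
    """8-byte bridge ID: 4-bit priority + 12-bit sys-id-ext (VLAN) + 48-bit MAC."""
    if priority % 4096 or not 0 <= priority <= 61440:
        raise ValueError("priority must be a multiple of 4096 in 0..61440")
    if not 1 <= vlan <= 4094:
        raise ValueError("VLAN ID out of range")
    mac_bytes = bytes.fromhex(mac.replace(".", ""))
    if len(mac_bytes) != 6:
        raise ValueError("MAC address must be 48 bits")
    return (priority + vlan).to_bytes(2, "big") + mac_bytes

def elect_root(bridges):
    """bridges: name -> bridge ID bytes. The numerically lowest ID wins."""
    return min(bridges, key=bridges.get)

def superior_to_root(bridges, intended_root):
    """Names of bridges whose ID would beat the intended root's (audit check)."""
    return sorted(n for n, b in bridges.items() if b < bridges[intended_root])

def demo():
    # Both switches start at priority 32768 + VLAN 1 = 32769, so the MAC decides.
    before = {
        "root-in-output": bridge_id(32768, 1, "0001.96DC.1A62"),
        "this-switch": bridge_id(32768, 1, "0010.1116.A3A4"),
    }
    # After "spanning-tree vlan 1 priority 4096" the local ID becomes 4097.
    after = {**before, "this-switch": bridge_id(4096, 1, "0010.1116.A3A4")}
    return (elect_root(before), elect_root(after),
            superior_to_root(after, "root-in-output"))

if __name__ == "__main__":
    print(demo())
```
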

30
VTP Modes
  • Server: creates, modifies and deletes VLANs;
    sends/forwards advertisements; synchronizes;
    saved in NVRAM
  • Transparent: creates, modifies and deletes VLANs;
    forwards advertisements; does not synchronize;
    saved in NVRAM
  • Client: forwards advertisements; synchronizes;
    not saved in NVRAM

31
VTP Operation
  • VTP advertisements are sent as multicast frames.
  • VTP servers and clients are synchronized to the
    latest revision number.
  • VTP advertisements are sent every 5 minutes or
    when there is a change.

32
Catalyst Default Configuration
  • IP address 0.0.0.0
  • CDP enabled
  • 100baseT port autonegotiate duplex mode
  • Spanning tree enabled
  • Console password none

33
Configuration Switch
  • Erase config
  • erase startup-config
  • reload
  • Verify config
  • show running-config
  • show spanning-tree
  • show vlan
  • show interfaces status
  • show mac-address-table
  • show ip int brief

34
Configuration Switch 2950
  • Vlan 1 default
  • ????? Vlan ??? ??????? vlan 2 4096
  • ??? config
  • Switch#show vlan
  • Switch#vlan database
  • Switch(vlan)#vlan 2 name aaa
  • Switch(vlan)#vlan 3 name bbb
  • Switch(vlan)#exit
  • Switch#config terminal
  • Switch(config)#interface range FastEthernet 0/1 - 24
  • Switch(config-if-range)#switchport mode access
  • Switch(config-if-range)#switchport access vlan 2

35
Configuration Switch 2960
  • Vlan 1 default
  • ??? config
  • Switch#config t
  • Switch(config)#vlan 2
  • Switch(config-vlan)#name Sales
  • Switch(config-vlan)#vlan 3
  • Switch(config-vlan)#name Marketing
  • Switch(config-vlan)#exit
  • Switch(config)#interface range FastEthernet 0/1 - 24
  • Switch(config-if-range)#switchport mode access
  • Switch(config-if-range)#switchport access vlan 2

36
Configuration Switch 2950,2960
  • Config trunk
  • Switch#config terminal
  • Switch(config)#interface fastethernet 0/3
  • Switch(config-if)#switchport mode trunk
  • Switch(config-if)#switchport trunk encapsulation
    dot1q , isl
  • ???????? Switch 2960 ????? set ???? trunk ???
    encapsulation ?????? dot1q ???????? ??????????
    set switchport trunk encapsulation dot1q

Cisco only
37
Configuration Switch 2950,2960
  • VLAN Trunking Protocol (VTP)
  • Switch#vlan database
  • Switch(vlan)#vtp server , client , transparent
  • Switch(vlan)#vtp domain jodoi
  • Switch(vlan)#vtp password password
  • or
  • Switch#config ter
  • Switch(config)#vtp mode server , client ,
    transparent
  • Switch(config)#vtp domain jodoi
  • Switch(config)#vtp password password
  • Switch#show vtp status

38
Configuring IP Phone Voice Traffic
  • Switch#configure t
  • Switch(config)#mls qos
  • Switch(config)#interface f0/1
  • Switch(config-if)#switchport priority extend ?
  • cos Override 802.1p priority of devices on
    appliance
  • trust Trust 802.1p priorities of devices on
    appliance
  • Switch(config-if)#switchport priority extend
    trust
  • Switch(config-if)#mls qos trust cos
  • Switch(config-if)#switchport voice vlan dot1p
  • Switch(config-if)#switchport mode access
  • Switch(config-if)#switchport access vlan 3
  • Switch(config-if)#switchport voice vlan 10

39
???????? config ?? router
40
Lab 1
  • PC1 ip 192.168.1.1/24 in vlan2
  • PC2 ip 192.168.1.2/24 in vlan3
  • PC3 ip 192.168.1.3/24 in vlan4
  • PC4 ip 192.168.1.4/24 in vlan5
  • PC5 ip 192.168.1.5/24 in vlan2
  • PC6 ip 192.168.1.6/24 in vlan3
  • PC7 ip 192.168.1.7/24 in vlan4
  • PC8 ip 192.168.1.8/24 in vlan5
41
Lab 2
  • PC1 ip 192.168.1.1/24 in vlan2
  • PC2 ip 192.168.1.2/24 in vlan3
  • PC3 ip 192.168.1.3/24 in vlan4
  • PC4 ip 192.168.1.4/24 in vlan5
  • PC5 ip 192.168.1.5/24 in vlan2
  • PC6 ip 192.168.1.6/24 in vlan3
  • PC7 ip 192.168.1.7/24 in vlan4
  • PC8 ip 192.168.1.8/24 in vlan5
42
Wide Area Networks
  • Wan Connection
  • Leased line -> HDLC, PPP -> Sync
  • Circuit Switch (ISDN) -> HDLC, PPP -> Async
  • Packet Switch -> Frame Relay -> Sync
  • Cell Switch -> ATM -> Async
  • DTE ? Data terminal equipment ??????
  • DCE ? Data Circuit equipment ???????
  • Show controller Serial 0 ???????????????????
    DTE ???? DCE

2 ???????? cisco
43
Configuration Router
router
DTE
DCE
CSU
DSU
Config#interface serial 0
config#ip address 10.10.10.2 255.255.255.0
config#clock rate 64000
config#encapsulation hdlc

Config#interface serial 0
config#ip address 10.10.10.1 255.255.255.0
config#bandwidth 64
config#encapsulation hdlc

Show controller Serial 0 ??????????????????? DTE ???? DCE
44
PPP Authentication Protocols
  • Passwords sent in clear text
  • Peer in control of attempts

45
Challenge Handshake Authentication Protocol
  • Hash values, not actual passwords, are sent
    across link.
  • The local router or external server is in control
    of attempts.

46
Configuration Router
pap
R1
R2
S0
S0
Config#username R1 password cisco
Config#interface S0
Config-if#encapsulation ppp
Config-if#ppp pap sent-username R2 password 3com

Config#username R2 password 3com
Config#interface S0
Config-if#encapsulation ppp
Config-if#ppp pap sent-username R1 password cisco

debug ppp authen
no debug all
Username ?????????????????? ??? password ????
47
Configuration Router
chap
R1
R2
S0
S0
Chap password ??????????
Config#username R2 password cisco
Config#interface S0
Config-if#encapsulation ppp
Config-if#ppp authen chap

Config#username R1 password cisco
Config#interface S0
Config-if#encapsulation ppp
Config-if#ppp authen chap

Chap username ??????????? hostname ??? password ???? 2 ??????????????
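
The CHAP exchange summarised on slide 45, with R1 holding the `username R2 password cisco` entry from the configuration above, as an added Python example (not Cisco code and not part of the original slides). It follows the RFC 1994 response calculation, MD5 over identifier, shared secret and challenge; the `Authenticator` class and the 16-byte challenge length are choices made for this example.

```python
# Added illustration (not Cisco code): CHAP challenge/response per RFC 1994.
import hashlib
import hmac
import os

def chap_response(identifier, secret, challenge):
    """Response value = MD5(identifier octet || shared secret || challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()

class Authenticator:
    """The side that issues the challenge and decides success or failure."""
    def __init__(self, name, users):
        self.name = name
        self.users = users            # peer hostname -> shared secret
        self.next_id = 0
        self.outstanding = {}         # identifier -> challenge not yet answered

    def send_challenge(self):
        ident = self.next_id = (self.next_id + 1) % 256
        value = os.urandom(16)        # fresh random challenge every time
        self.outstanding[ident] = value
        return ident, value, self.name

    def verify(self, ident, response, peer_name):
        value = self.outstanding.pop(ident, None)   # each challenge is single-use
        secret = self.users.get(peer_name)
        if value is None or secret is None:
            return False
        expected = chap_response(ident, secret, value)
        return hmac.compare_digest(response, expected)

def demo():
    r1 = Authenticator("R1", {"R2": b"cisco"})     # R1: username R2 password cisco
    ident, value, _ = r1.send_challenge()
    resp = chap_response(ident, b"cisco", value)   # computed on R2
    accepted = r1.verify(ident, resp, "R2")
    replayed = r1.verify(ident, resp, "R2")        # challenge already consumed
    ident2, value2, _ = r1.send_challenge()
    stale = r1.verify(ident2, resp, "R2")          # old hash, new challenge
    ident3, value3, _ = r1.send_challenge()
    wrong = r1.verify(ident3, chap_response(ident3, b"3com", value3), "R2")
    return accepted, replayed, stale, wrong, b"cisco" in resp

if __name__ == "__main__":
    print(demo())
```
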
48
Frame Relay Overview
  • Connections made by virtual circuits
  • Connection-oriented service

49
Frame Relay Stack
OSI Reference Model
Frame Relay
Application
Presentation
Session
Transport
Network
IP/IPX/AppleTalk, etc.
Data-Link
Frame Relay
EIA/TIA-232, EIA/TIA-449, V.35, X.21, EIA/TIA-530
Physical
50
Frame Relay Terminology
51
Selecting a Frame Relay Topology
  • Frame Relay default nonbroadcast, multiaccess
    (NBMA)

52
Configuration Router
  • Frame Relay
  • Point-to-point (no sub interface)
  • Config#interface S0
  • Config-if#encapsulation frame-relay cisco , ietf
  • Config-if#ip address 10.10.10.1 255.255.255.252
  • Config-if#bandwidth 256
  • Config-if#frame-relay lmi-type cisco , ansi ,
    q933a

53
Configuration Router
  • Frame Relay
  • Point-to-point ( sub interface)
  • Config#interface S0
  • Config-if#no ip address
  • Config-if#encapsulation frame-relay cisco , ietf
  • Config#interface S0.2 point-to-point
  • Config-if#ip address 10.10.10.1 255.255.255.0
  • Config-if#bandwidth 128
  • Config-if#frame-relay interface-dlci 120
  • Config#interface S0.3 point-to-point
  • Config-if#ip address 20.20.20.1 255.255.255.0
  • Config-if#bandwidth 128
  • Config-if#frame-relay interface-dlci 110

54
Configuration Router
  • Frame Relay
  • Point-to-multipoint ( sub interface)
  • Config#interface S0
  • Config-if#no ip address
  • Config-if#encapsulation frame-relay
  • Config#interface S0.2 multipoint
  • Config-if#ip address 10.10.10.1 255.255.255.0
  • Config-if#bandwidth 256
  • Config-if#frame-relay map ip 10.10.10.2 120
    broadcast
  • Config-if#frame-relay map ip 10.10.10.3 110
    broadcast

55
Digital Subscriber Line
56
Digital Subscriber Line
57
Digital Subscriber Line
58
Digital Subscriber Line
59
Digital Subscriber Line
60
??? VPI ??? VCI ??????????????? ADSL
61
PPPoE Configuration
  • !
  • interface FastEthernet4
  • pppoe enable group global
  • pppoe-client dial-pool-number 1
  • !
  • interface Dialer 0
  • ip address negotiated
  • ip mtu 1452
  • encapsulation ppp
  • dialer pool 1
  • dialer-group 1
  • ppp authentication chap callin
  • ppp chap hostname Todd
  • ppp chap password 0 lammle
  • !

62
Virtual Private Networks
  • Types of VPNs
  • There are three different categories of VPNs:
  • Remote access VPNs: Remote access VPNs allow
    remote users like telecommuters to securely
    access the corporate network wherever and
    whenever they need to.
  • Site-to-site VPNs: Site-to-site VPNs, or intranet
    VPNs, allow a company to connect its remote sites
    to the corporate backbone securely over a public
    medium like the Internet instead of requiring
    more expensive WAN connections like Frame Relay.
  • Extranet VPNs: Extranet VPNs allow an
    organization's suppliers, partners, and customers
    to be connected to the corporate network in a
    limited way for business-to-business (B2B)
    communications.

63
Virtual Private Networks
  • Four of the most common tunneling protocols:
  • Layer 2 Forwarding (L2F): Layer 2 Forwarding (L2F)
    is a Cisco-proprietary tunneling protocol, and it
    was their first tunneling protocol created for
    virtual private dial-up networks (VPDNs). VPDN
    allows a device to use a dial-up connection to
    create a secure connection to a corporate
    network. L2F was later replaced by L2TP, which is
    backward compatible with L2F.
  • Point-to-Point Tunneling Protocol (PPTP):
    Point-to-Point Tunneling Protocol (PPTP) was
    created by Microsoft to allow the secure transfer
    of data from remote networks to the corporate
    network.
  • Layer 2 Tunneling Protocol (L2TP): Layer 2
    Tunneling Protocol (L2TP) was created by Cisco
    and Microsoft to replace L2F and PPTP. L2TP
    merged the capabilities of both L2F and PPTP
    into one tunneling protocol.
  • Generic Routing Encapsulation (GRE): Generic
    Routing Encapsulation (GRE) is another
    Cisco-proprietary tunneling protocol. It forms
    virtual point-to-point links, allowing for a
    variety of protocols to be encapsulated in IP
    tunnels.

64
Virtual Private Networks
65
Virtual Private Networks
66
Virtual Private Networks